Cloud computing: differences in approach between large
organizations that use cloud computing and providers of
cloud services in the Netherlands.
6th Mediterranean Conference on Information Systems
Theo Thiadens Phd
professor IT governance
Fontys university of applied Sciences
the Netherlands.
Core:
1. Public cloud computing is the delivery of standard services on a standard
contract. Suppliers call this the real cloud computing and a new delivery model.
2. Cloud computing needs more regulation. Suppliers place their hope on above
national organizations as f.e. the EU.
3. Large organizations put value on flexibility, less on the financial aspects.
4. In governance and organization supplier are a little further advanced than the
demand side. External influence varies, but is minor in public cloud computing.
 Table of contents.
1. Theory
1.1. Definitions
1.2. Legal aspects
1.3. Business and implementation
1.4. Governance and organization
2. Research set up.
3. Results
3.1. Differences regarding the definition
3.2. Differences regarding the legal aspects
3.3. Differences regarding the business case
3.4. Opinions on governance and organization.
1. Theory: definitions.
Different definitions. Definitions focussing on objective, definitions focussing on
components and definitions focussing on both.
The definition of the NIST is used, that mixes both:
CC = a model for enabling convenient
on demand network access to a
shared pool of configurable
computing resources, that can be
rapidly provisioned and released
with minimal management effort
or service supplier interaction. This
model promotes availability and is
composed of:
- five essential characteristics,
- three service models and
- four deployment models.
1.1. Legal aspects.
Remind:
a. Private law deals with contracts: - liability and quantities
- scalability, price and services
- termination (migration & lock in)
b. Public law: - privacy and confidentiality (f.e. moving information of customers)
- duty bound by authorities f.e. tax and health data
- protection against hackers
- taxes : where in the country that provides the services or where
the service is demanded? (profits, value added tax, advance levies)
 Public cloud computing uses standard contracts
Private cloud computing uses tailor made contracts.
1.3. Business and implementation.
Donkers (2011) :
• Advantages:
• Disadvantages:
lower cost
no initial investment
scalability
reliability
accessibility
performance
scale up and down
quick restore
no physical governance
privacy
security
Donkers (2011)
Reasons
predominantly of a
financial nature.
1.4. Governance and organization.
Processes at customer (user side) dependent upon used cloud service:
a. SaaS :  processes in the field of security, monitoring, service desk and
incident management.
b. PaaS/IaaS  more extensive and more integration with the existing
service management processes. In the integrated organization
more attention to availability, capacity, financial and supplier
management.
Supplier: private clouds governance and reporting described in contract.
public clouds: - standard reports
- audit reports
- partner council, customer councils
2. Research set up.
10 In-depth interviews by groups of students.
Large organizations on user side
Five suppliers: Ms, Google, IBM, Accenture, AFAS
Five users:
InHolland, UvA, Politie, DAF, NXP
Research questions:
- definition for cloud computing
- main legal aspects
- business case
- governance and organization.
3.1. Differences regarding the definition.
Who?
Subject:
Microsoft
Google
IBM
Accenture
AFAS
Cloud computing is a
new delivery model
which sells
services at
subscription fees. All
services can be
purchased per user
per month.
Microsoft provides all
services worldwide
from computer centers
in Europe, Asia and America. Not every service
is provided
everywhere.
A cloud service is a
hosted application or
is provided via a
platform built in
a shared infrastructure and delivered via the web.
Public cloud makes
Cloud computing is
seen as replacement
of the current
applications. Everyone can
use the services
and there are many
applications.
AFAS online is a
windows application
that can be called
via a terminal. It
is a Public SaaS
provision.
Clouds are the resources and cloud services
are provided in conformity
with an SLA to a customer.
It makes a correct
distinction between
resources and
services.
InHolland
University of
Amsterdam
Police, region
Midden-Nederland
DAF
NXP
Cloud computing is
a sequel to
virtualisation. It involves
an organization asking itself
which tasks
it really wants to
perform in-house
Cloud computing is
an extension of
outsourcing. One does
sacrifice some
flexibility.
Not knowing where
the data and
the applications
are. Approach
to ICT facilities
via the internet.
Cloud computing is
outsourcing of
the exploitation of ICT,
not knowing where
one's data is
kept.
The definition is the one
by Gartner: "Style of
computing, in which ICT
application is provided
as scalable and flexible service via the
internet."
Live@edu, Microsoft
mail, absence regisstration (all public cloud
applications)
The University
currently checks out
student email.
Researchers have
freedom and use
cloud services
At the Police force
everyone still knows
where data and applications are: that is not a
cloud. In the long
run towards a hybrid
cloud.
One has a hybrid
cloud. DAF has its own
sharepoint servers.
The business systems
use the
ATOS computer centres.
Private cloud is
computer center hosting.
In addition, NXP uses
public cloud
services, particularly
IaaS and PaaS.
Supplier:
1
Definition:
Distinction between
cloud services:
Who?
Google provides services
from a public
cloud and does not
provide anything tailormade.
use of services
that are somewhere on the
internet and where
one pays per service.
IBM provides complete
solutions for organizations. These are public,
private or hybrid solutions.
Geared towards
Revolution:
standaard
services
public CC.
Subject:
Definition:
Use of
cloud services:
User:
Geared towards
evolution.
Start if used:
student mail
3.2. Differences regarding the legal aspects.
Suppliers: when settlement in USA.:
- Patriot act forces us to provide the
data required by USA government
- Aim at regulation of CC at
supra national level:
* federal government in USA
* EU regulation in Europe
Users: when Dutch government
and universities:
- Aim to comply to Dutch laws
- Methods for example: give students the choice either use own email or universities G-mail
3.3. Differences regarding the business case.
Supplier:
1.
*2007-2008 start
* flexibility
* latest version
* pay as you go
User:
*NXP, DAF every service
evaluated on cost, risk &
functionality
*police&universities:
functionality and future
Less financial!
3.4. Opinions on governance and organization.
Suppliers:
private cloud: contract gives reporting
plus coordination
public cloud: little influence
- Google: dashboard +accountmgnmt
- MS:
partner-+ customercouncil
- AFAS: participation sessions
In some cases: insight in external audits
Users:
Processes : monitoring
security management
service desk& incident
mngmnt
not always set up.